Joinmastodon Mastodon vulnerabilities
42 known vulnerabilities affecting joinmastodon/mastodon.
Total CVEs: 42
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown
CRITICAL: 5, HIGH: 13, MEDIUM: 22, LOW: 2
Vulnerabilities
Page 3 of 3
CVE-2025-62174 | P4 | LOW | CVSS 3.5 | CWE-613 | fixed in 4.2.27 | ≥ 4.3.0, < 4.3.14 (+1 more) | 2025-10-13
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, when an administrator resets a user account's password via the command-line interface using `bin/tootctl accounts modify --reset-password`, active sessions and access tokens for that account are not revoked. This allows an attacker w
nvd
CVE-2025-67500 | P4 | LOW | CVSS 3.7 | CWE-204 | fixed in 4.2.28 | ≥ 4.3.0, < 4.3.15 (+2 more) | 2025-12-10
Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have discrepancies in error handling which allow checking whether a given status exists by sending a request with a non-English Accept-Language header. Using this beha
nvd